Re: workstation as router/firewall?

On Fri, Dec 05, 2003 at 06:01:59AM -0500, John Meagher wrote:
> From: "Jay Daniels" <jay@xxxxxxxxxxx>
> 
> > Probably MS Windows worms and virus trying to spread, but I would
> > really like to know what or who is trying to connect to my ports!
> 
> tcpdump will tell you.  Or if you want a nice display, use ethereal.
> 

But the router blocks all that before it gets to the linux box.  Light
flashing in internet side of router, no lights flashing on linux box.
So neither tcpdump nor ethereal will show anything!

> > Would it be silly to scrap the hardware router/firewall in place of
> > iptables and connect the dsl line directly to my nic just like the old
> > days when that's all that we had available???
> 
> Your router is usually what converts dsl to ethernet.  You need it
> anyway for that.  An extra firewall won't hurt you.
> >
> > Note:  I use this server as my primary workstation.  I run X and have
> > even built a custom iptables script which passed all online (outside)
> > test. This was before I installed the hardware (firewall router
> > device).
> 
> What kind of device connects to your dsl line?
> >

Explanation of current setup.

Ok, the linux box connects to the router/firewall device, this device
is attached to what I call a DSL modem, Paradyne.  I'm not sure if the
proper name is DSL "modem".

What's strange about this DSL setup, there is no authentication or
login!  So I guess it's possible if my system was down someone could
actually use my ip address - perhaps another DSL user who is with the
same provider.  Or, they could initiate a DoS attack and flood my
system with packets and then restart their network using my ip, in
essence steal my ip address!

There are probably many unseen security issues with this type of DSL.
Another reason I want access to the packets hitting my box.  With the
DSL router between the linux box and the paradyne, I can't see the
traffic - the router doesn't log these packets, it just denies or
blocks them.  I am also concerned about using fetchmail with pop3 on
this DSL connection.  I want to know if other DSL users with my
provider can capture my login/password when I fetchmail.

> 
> > Other concerns:
> > 783/tcp    open        hp-alarm-mgr # WTF?
> > 6000/tcp   open        X11 # why is X running on port 6000?
> >
> are you using spamassassin?
> use:
> fuser -n <proto> <port>
> to determine which process is using which port
> >
> from the iana well-known ports list:
> x11             6000-6063/tcp   X Window System
> x11             6000-6063/udp   X Window System
---end quoted text---

Spamassassin is installed.

But why does x11 use any ports and can I close the port without
killing X?  Is it the font server, xfs?  I don't care about running X
apps from remote ssh, etc.


jay


-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
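
Added example, not part of the original message: the `fuser -n <proto> <port>` lookup quoted above works from the kernel's socket table, and the sketch below decodes that table to show which listening ports (such as the 783/tcp and 6000/tcp entries in the scan) are bound to all interfaces and which only to loopback. The function names `hex_to_ip` and `listeners` and the SAMPLE rows are constructed for illustration; the address decoding assumes a little-endian (x86) host.

```shell
#!/bin/sh
# Added example: decode TCP listeners from /proc/net/tcp-format text.
# SAMPLE is constructed; on a live Linux host run: listeners < /proc/net/tcp
SAMPLE='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:030F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10001
   1: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10002
   2: 0A01A8C0:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10003
   3: 0A01A8C0:0016 0B01A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 10004'

# Convert the kernel's little-endian hex IPv4 form (x86) to dotted decimal,
# e.g. 0100007F -> 127.0.0.1.
hex_to_ip() {
    h=$1
    b1=${h%??????}
    t=${h#??};   b2=${t%????}
    t=${h#????}; b3=${t%??}
    b4=${h#??????}
    printf '%d.%d.%d.%d\n' "$((0x$b4))" "$((0x$b3))" "$((0x$b2))" "$((0x$b1))"
}

# Print one line per listening socket: port, exposure, owner uid, socket inode.
listeners() {
    while read -r _sl laddr _raddr st _queues _timer _retr uid _timeout inode _rest; do
        [ "$st" = "0A" ] || continue          # 0A = LISTEN; skips header and connections
        addr=${laddr%:*}
        port=$((0x${laddr#*:}))               # port is plain hex: 030F -> 783
        case $addr in
            00000000) scope="all-interfaces" ;;   # reachable from the network
            ??????7F) scope="loopback-only" ;;    # 127.x.x.x, local clients only
            *)        scope=$(hex_to_ip "$addr") ;;
        esac
        echo "$port/tcp $scope uid=$uid inode=$inode"
    done
}

printf '%s\n' "$SAMPLE" | listeners
```

The inode column is the value that tools such as fuser match against the socket links under /proc/<pid>/fd to name the owning process.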
